Everything You Need To Know About Fintech Regulations in The US



The regulatory landscape for fintechs operating in the US is extremely complex. There is no ‘fintech-specific’ regulatory framework in operation in the US, but fintech businesses’ activities will almost certainly come within the purview of several regulatory bodies and will require the firms to register and comply with the obligations set out by one or (more likely) several regulatory bodies.

The situation is made more difficult by the fact that fintech businesses will be subject to regulation at both a federal and state level. Even fintechs offering relatively simple products or services will likely have to secure licences from multiple federal and state regulators, and comply with the requirements set out by those bodies.

Compliance should be a top-level priority for any fintech business looking to operate in the US. In this article we’ve compiled lists of some of the regulators and regulations by which US fintechs are most likely to be governed. However, it is crucial to remember that every business will be subject to specific regulatory requirements; it is therefore vitally important that fintechs seek independent legal counsel before taking any decisions. Please note that this article is not intended to constitute legal advice of any kind. Always seek independent counsel.

Fintech regulators in the US

There is a wide range of regulatory bodies that may govern the activities of fintech businesses operating in the US. Some have extremely broad jurisdictions, while others focus on specific activities.

The following is a (non-exhaustive) list of the key US regulators with which fintechs may have to register and comply.

Federal Trade Commission (FTC)

The FTC is responsible for tackling “anticompetitive, unfair, or deceptive” practices amongst businesses that offer services to consumers. It has also developed a significant corpus of regulatory requirements for businesses operating in the US, including obligations regarding privacy and data protection.

Consumer Financial Protection Bureau (CFPB)

The CFPB regulates financial services offered to consumers. It also carries out general enforcement against what are deemed to be deceptive or unfair practices.

Federal Deposit Insurance Corporation (FDIC)

The FDIC administers the US deposit protection scheme, which insures deposits up to $250,000 per account. It also regulates banks that are not members of the Federal Reserve Scheme.

Securities and Exchange Commission (SEC)

The SEC regulates the US securities market. It has jurisdiction over businesses including securities exchanges, brokers, and dealers; investment advisors; and mutual funds.

Commodity Futures Trading Commission (CFTC)

The CFTC regulates the US commodities markets, and has jurisdiction over businesses such as trading organisations and intermediaries.

Office of the Comptroller of the Currency (OCC)

The OCC regulates national banks, but in 2018 it announced that it would also begin accepting applications for special purpose charters from fintechs. The charter is restricted to fintechs that accept deposits, pay cheques, or carry out lending activities. Fintechs that receive the charter are required to comply with the same requirements imposed on national banks.

Financial Crimes Enforcement Network (FinCEN)

FinCEN is responsible for enforcing the US Anti-Money Laundering (AML) regulations. It sets the terms of AML compliance amongst financial companies, and collects and shares information with other agencies.

Financial Industry Regulatory Authority (FINRA)

FINRA regulates businesses offering investment activities, including crowdfunding. All crowdfunding portals must be registered with FINRA as well as with the SEC.

Industry associations

As well as being subject to federal and state regulation, businesses conducting payments-related activities will also have compliance obligations to a number of industry associations. These include the payments card associations and NACHA.

State governments

Finally, it is vital to remember that fintechs operating in the US will be regulated not only by federal bodies but also at a state level. Laws can vary significantly between states and the compliance landscape is complex - but some measures are being taken to simplify and rationalise the state-level regulatory frameworks, as we will see in a later section.

Fintech regulations in the US

The specific regulations with which fintechs must comply will depend on the activities they are pursuing. However, there are some particularly common regulations that every fintech operating in the US should consider.

Gramm-Leach-Bliley Act (GLBA)

Also known as the Financial Modernization Act, the GLBA requires all financial institutions to explain to their customers how their information is being shared, and to safeguard their data.

Fair Credit Reporting Act (FCRA)

The FCRA determines the ways in which financial institutions can collect consumer credit information, and extends consumer rights regarding access to the credit reports.

US Anti-Money Laundering regulations (AML)

There are two main AML Acts in force in the US: the Bank Secrecy Act, and the USA Patriot Act. Between them, these laws include obligations regarding anti-money laundering risk management programmes, customer due diligence (CDD), and various record-keeping tasks. The Patriot Act also includes specific requirements regarding cross-border transactions.


Crowdfunding platforms and other funding portals are required by the JOBS Act to register with the SEC and FINRA. The JOBS Act also introduces additional obligations and restrictions on these businesses, including maximum fundraising amounts and disclosure requirements.

Fund Transfer Act and CFPB Regulation E

The Fund Transfer Act and CFPB Regulation E are two of many laws governing payments-related activities. Specifically, they impose requirements on financial institutions to resolve errors in transfers.

Securities Act and Exchange Act

Initial Coin Offerings (ICOs) are popular amongst fintech startups. The treatment of these activities has been controversial in the US, but precedent has now been set with what is known as the Howey Test. This test determines the legal status of the ICO and, if it meets the threshold requirements, it will be subject to the Securities Act and Exchange Act.


These regulations place restrictions on businesses carrying out email marketing.

The future for fintech regulation in the US

As is the case in almost every country worldwide, US regulators have been slow to adapt to the huge changes brought about by the rise of fintechs, and there remains a knowledge gap between regulators and the businesses they are attempting to regulate.

However, the regulatory landscape is changing and the future of fintech will be more and more regulated. Lawmakers are coming to understand the specific nature of the fintech sector, and there have been attempts to simplify the byzantine legal framework in order to encourage growth.

Better state cooperation

Several states have begun cooperating in an attempt to reduce complexity around state-by-state regulatory requirements. In particular, regulators in seven states have agreed to recognise each other’s findings when assessing licence applications, removing some of the burden of state-specific compliance.


Many countries have established ‘regulatory sandboxes’ - test environments in which fintech companies can carry out experiments under regulatory supervision. Regulators in some countries (notably the FCA in the UK) allow fintechs to conduct those experiments with real customers.

No such framework currently exists at the federal level in the US, but there have been attempts to establish one; notably the CFPB and Treasury both published 2018 reports including proposals for establishing sandboxes. These tools do exist in some states: Arizona passed a sandbox law in 2018 and Wyoming followed in 2019; meanwhile Washington DC is actively considering such a law.

How do I comply with US fintech regulations?

There is no single answer to the challenge of compliance. As we’ve already discussed, every business will be subject to its own specific regulatory obligations. However, there are some simple steps that should be considered by every fintech looking to operate in the US.

  1. Seek advice before you do anything else
    It is absolutely crucial to seek independent legal counsel regarding compliance issues, and this should be done before any concrete decisions are taken. Speak to specialist lawyers well ahead of time to understand what regulatory burdens your business might face and how you can meet them.
  2. Hire wisely
    Compliance should be embedded into your business, and this requires dedicated talent. Make sure you have specialist knowledge on hand from the outset, and that it is treated as a core element of your activities.
  3. Don’t underestimate the resource requirement
    Compliance is not a one-off task. Fintechs operating in the US (and, indeed, in almost every other territory) should prepare to deal with compliance as an everyday issue. Make sure you dedicate sufficient resource to these tasks.
  4. Consider partnerships
    In some circumstances, it may be sensible to enter into a partnership with an existing business that has already secured the relevant licences. Before doing this you should, of course, think carefully about the terms of any such deal.
  5. Look ahead
    Finally, remember that the regulatory landscape is shifting constantly. The laws governing fintechs in the US are in a state of flux, and every fintech business should remain alert and prepared for changes to its obligations.

DashDevs can help you build a great fintech product. Our dedicated fintech consultancy provides end-to-end development, security, and advisory services. Get in touch today.

Sources: Association of Corporate Counsel - Fintech in the United States (Nonaka, DeCresce, Hooper, Konko, 2018); USA - Fintech laws and regulations (Sahni, 2020); 10 Issues for Fintech Startup Companies (Harroch, Guzy, 2019); Fintech 2019 - USA (Stettner, Seo, Flynn, 2019)
